
Java vs. JavaScript (security issues)

I haven't access to a server at the moment, and I am planning to create another web page. However, I want to create some security as an experiment (just to say that I did it). I want to know what your opinions are on using a Java applet versus JavaScript. I know that applets can be blocked, and that script can be read from the source code. Any suggestions or insight would be helpful.

In terms of security, there are a number of vulnerabilities that exist for both OOP languages. What sort of audience will be viewing your site? A lot of corporate security policies turn both Java and Javascript off for security reasons.

I guess depending on what you are planning on doing with it Java may have more flexibility, whereas Javascript can be learned and utilized over a weekend.

In terms of compatibility, Java may be cross platform but some applications are very sensitive to the version of the JRE that has been installed and in some cases installing a newer JRE will break older Java applets. Javascript (the Mozilla kind) is widely supported by the latest Mozilla, IE and Opera browsers.

Re: Java vs. JavaScript (security issues)

Originally posted here by Spekter1080: I haven't access to a server at the moment, and I am planning to create another web page. However, I want to create some security as an experiment (just to say that I did it). I want to know what your opinions are on using a Java applet versus JavaScript. I know that applets can be blocked, and that script can be read from the source code. Any suggestions or insight would be helpful.

You don't need access to a server to test client side applications. Just build your app and drag and drop the html into your browser. Client side authentication or security is an oxymoron. Java applets are harder to tweak and such in comparison to javascript, but they both suck. Applets are also easily reverse engineered.

Any authentication should be done on the server and NOT in plain text but as far as any kind of functionality on the web site it should run on the client side. Why risk having possibly buggy code running on your hardware and why for that matter, waste server side resources?
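An added illustration of the point made in the replies above, that a check shipped to the browser is readable by anyone who views the source (this is not code from any poster in the thread): a small audit script that scans a page's inline scripts for credential comparisons against string literals. The sample page, the function names and the name/regex heuristics are assumptions made for this example.

```javascript
// Added example (not from the thread). SAMPLE_PAGE is constructed; names are hypothetical.
const SAMPLE_PAGE = `<html><body>
<form onsubmit="return check()">
  <input id="user"><input id="pass" type="password">
</form>
<script>
function check() {
  var pass = document.getElementById("pass").value;
  if (pass == "letmein42") { location.href = "members.html"; return false; }
  alert("Access denied");
  return false;
}
</script>
</body></html>`;

// Body and 1-based starting line of every inline <script> element.
function inlineScripts(html) {
  const scripts = [];
  const re = /<script\b[^>]*>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const bodyOffset = m.index + m[0].indexOf(">") + 1;
    scripts.push({ body: m[1], startLine: html.slice(0, bodyOffset).split("\n").length });
  }
  return scripts;
}

// Heuristic: a credential-looking identifier compared (== or ===) with a string literal.
const CRED_NAME = /(pass|pwd|secret|pin|key|token)/i;
const COMPARE = /([A-Za-z_$][\w$.]*)\s*={2,3}\s*(["'])((?:(?!\2).)+)\2|(["'])((?:(?!\4).)+)\4\s*={2,3}\s*([A-Za-z_$][\w$.]*)/g;

// Report each finding with its page line; the literal itself is not echoed, only its length.
function findClientSideChecks(html) {
  const findings = [];
  for (const { body, startLine } of inlineScripts(html)) {
    body.split("\n").forEach((text, i) => {
      for (const m of text.matchAll(COMPARE)) {
        const name = m[1] || m[6];
        const literal = m[3] || m[5];
        if (CRED_NAME.test(name)) {
          findings.push({ line: startLine + i, name, literalLength: literal.length });
        }
      }
    });
  }
  return findings;
}

console.log(findClientSideChecks(SAMPLE_PAGE));
```

A page that only submits the form to a server-side login handler produces no findings, because no secret is present in what the browser receives.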

Soda, first of all, I never meant for the "security" to be anything more than an application of my skills. It is not intended to keep anyone out. Second of all, to someone who is not as computer literate as yourself, the methods that I have selected would perform just fine for the purposes that I intended it.

As for you, unhappy, I know already what you said. I do, however, totally agree with you. As you will recall, however, the experiment is not a serious attempt and should not be treated as such. Thank you for your input though.

I was taking a Java course last year to fine tune my skills. Our professor decided to skip javascript because she said it won't be used as much anymore because of security issues and that a lot of people block it now.

We ended up going into JSP more, which was great for me because it helped me with my web interface for the SQL database.

IMO, Java would be more secure. If you create your classes right, you have more flexibility on how objects are used and how variables are accessed. I'm not a hacker or a security specialist, but I feel better having my main class files located on my server. In my case, I used Tomcat.

Originally posted here by Spekter1080: Second of all, to someone who is not as computer literate as yourself, the methods that I have selected would perform just fine for the purposes that I intended it.

Then I hope you can restrict users of your software by literacy. It only takes one threat to actualize a risk.

I want to know what your opinions are on using a Java applet versus JavaScript.

What's better at protecting a farm, a "do not enter" sign, or a scarecrow? I could give you an answer, but I can still steal your corn.

I'm going to make a couple of assumptions... If they are wrong.... don't yell... just correct them....

however, the experiment is not a serious attempt

You state that you want to create a web page. The implication of that is that you intend the page to be publicly available.

You state that you want to experiment with security. The implication is that you intend and are competent in monitoring that web page and, ultimately, the server for compromise.

You stated that your security isn't intended to keep anybody out.... Not sure what to say about that other than the point above is probably not going to occur, (proper monitoring and recognition of compromise).

Now to the guts of my response.....

You don't _play_ at security on the public internet.... Your web page becomes someone else's conduit to attack me... This is the irresponsible use of the internet that allows those of malicious intent to have their way so easily... You don't appear to be competent to do this properly, so please don't do it if it is publicly available...

Understood?

Don't SYN us.... We'll SYN you..... "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides